From: Albert Astals Cid <aacid@kde.org>
Date: Thu, 13 Nov 2014 14:06:01 +0000
Subject: Sanitize html
X-Git-Url: http://quickgit.kde.org/?p=kwebkitpart.git&a=commitdiff&h=641aa7c75631084260ae89aecbdb625e918c6689
---
Sanitize html
As discussed by the security team
---
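--- a/src/webpage.cpp
+++ b/src/webpage.cpp
@@ -226,23 +226,26 @@
  doc += QL1S( "<h3>" );
  doc += i18n( "Details of the Request:" );
  doc += QL1S( "</h3><ul><li>" );
- doc += i18n( "URL: %1", reqUrl.url() );
+ // escape URL twice: once for i18n, and once for HTML.
+ doc += i18n( "URL: %1", Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ) );
  doc += QL1S( "</li><li>" );
 
  const QString protocol (reqUrl.protocol());
  if ( !protocol.isNull() ) {
- doc += i18n( "Protocol: %1", protocol );
+ // escape protocol twice: once for i18n, and once for HTML.
+ doc += i18n( "Protocol: %1", Qt::escape( Qt::escape( protocol ) ) );
  doc += QL1S( "</li><li>" );
  }
 
  doc += i18n( "Date and Time: %1",
  KGlobal::locale()->formatDateTime(QDateTime::currentDateTime(), KLocale::LongDate) );
  doc += QL1S( "</li><li>" );
- doc += i18n( "Additional Information: %1" , text );
+ // escape text twice: once for i18n, and once for HTML.
+ doc += i18n( "Additional Information: %1", Qt::escape( Qt::escape( text ) ) );
  doc += QL1S( "</li></ul><h3>" );
  doc += i18n( "Description:" );
  doc += QL1S( "</h3><p>" );
- doc += description;
+ doc += Qt::escape( description );
  doc += QL1S( "</p>" );
 
  if ( causes.count() ) {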
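Review bot: The section ends at `if ( causes.count() ) {`, so whatever is appended to `doc` after the description is not visible here, and this change escapes only the URL, protocol, `text` and `description`; if the causes entries (or anything later in the function) can carry request-derived text, they need the same `Qt::escape` before being concatenated into the HTML. The three `Qt::escape( Qt::escape( ... ) )` calls also rest on i18n() decoding exactly one level of entities in its arguments, which the added comments assert but the page does not show. If that assumption failed, the result would presumably be visible `&lt;` text rather than live markup, so it fails safe, but a one-line helper such as `static QString escapeForI18n( const QString &s ) { return Qt::escape( Qt::escape( s ) ); }` would keep the contract in one documented place instead of three repeated comments. The enclosing function starts and ends outside the hunk.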